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CLAIMS , . 
What is claimed is: / 

1 . A packet monitor for examining all packets parsing through a connection point on a 
computer network, the monitor comprising: / 

5 (a) a packet acquisition device couplep to the connection point and configured to 

receive packets passing through tharconnection point; and 

(b) a memory for storing a database comprising none or more flow-entries for 
previously encountered conversational flows to which a received packet may 
belong; / 

10 (c) a lookup engine coupleMo the packet acquisition device configured to lookup 

whether a received packettoelongs to a flow in the flow-entry database, and to 
determine the state of thft flow for the received packet in the case that the packet 
belongs to a flow-entr/ 

(d) a state determining mechanism coupled to the lookup engine to determine the 
15 state of a flow in the case that the received packet does not belong to a flow in the 
flow-entry database; and mm v( .. . . ..... 

• (e) a state processor coupled to the lookup engine and to the state determining 
mechanism cc/nfigured to perform any state operations specified for the state of 
the flow starting from the last encountered state of the flow in the case that the 
20 packet is from an existing flow, and to perform any state operations required for 

the initiaVstate of the new flow in the case that the packet is from an existing 
flow. / 

2. A monitonraccording to claim 1, wherein the set of possible state operations that the 
state processor is configured to perform includes searching for one or more patterns in the 

25 packet potions. 

3. A mc/nitor according to claim 2, wherein the monitor processes all packets passing 
throum the connection point in real time. 
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A monitor according to claim 2, whereinAhe state processor is programmable, the 
monitor further including a state patterns/dperations memory coupled to the state 
processor, the state operations memory configured to store a database state 
patterns/operations. / 

A monitor according to claim 1, funfher including a buffer coupled to the packet 
acquisition device, to the state processor, and to the lookup engine, the buffer configured 
to accepting at least selected portiora of the received packet. 

A monitor according to claim 5/wherein the state processor includes a searching 
apparatus configured to search for k reference string of NR units in the buffer contents, the 
searching apparatus comprising: / 

(i) a first reference register configured to receive the NR units of a first reference 
string; / 

(ii) one or more target mata registers coupled in series and coupled to the buffer, 
the target data register/ configured to receive contents from the buffer; and 

(iii) a first plurality of/comparator sets, one comparator set corresponding to each of 
a set of starting positions in the target data registers, the comparator set of a 
particular starting position coupled to each unit of the first reference register and to 
NR units of the target data registers starting from the particular starting position 
and comparing tha first reference register contents to corresponding contents of 
NR contiguous uiits of the target data registers starting from the particular starting 
position, / 

such that each comparator set indicates if there is a match of the first reference string in 
the target data starting from its corresponding different starting position, 

whereby the first plurality of comparator sets indicates in parallel if the first reference 
string is contained jjn the target data registers starting at any of the starting positions. 

A processor configured to process contents of packets passing through a connection 
point on a computer network, the processor comprising: 
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(a) a buffer for receiving at least some of the contents of each packet passing 
through the connection point; 

(b) a memory containing one or more instructions of an instruction set for the state 
processor; 

(c) an arithmetic logic unit (ALU) coupled to the buffer; 

(d) a control block coupled to the ALU and to the instruction memory for decoding 
instructions; and 

(e) a program counter coupled to the instruction memory and to the ALU for 
indicating the next state processor instruction in the memory to process, 

wherein the ALU includes a searching apparatus comprising one or more comparators for 
searching for a reference string in the contents of a packet. 

8. A processor according to claim 7, wherein the state processor processes contents of all 
packets passing through the connection point in real time. 

9. A processor according to claim 7, wherein the instruction set includes an instruction 
for invoking the searching apparatus of the ALU to search for a specified reference string 
in the packet starting at an unknown location within a range of the packet. 

10. A processor according to claim 7, wherein the searching apparatus searches for any of 
a set of reference strings in the contents of a packet, and wherein the instruction set 
includes an instruction for invoking the searching apparatus to search for any of a set of 
specified reference strings in the packet starting at an unknown location within a range of 
the packet. 

11. A searching apparatus configured to seartJn for a reference string of NR units in target 
data starting from any of a set of starting positions within the target data, the searching 
apparatus comprising: / 

(a) a first reference/register configured to receive the NR units of a first reference 
string; / 
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(b) one or more target data registers coupled in series to receive the target data; 
and / 

(c) a first plurality of comparator sets, one comrarator set corresponding to each of 
the starting positions, the comparator set of a o&rticular starting position coupled to 

5 each unit of the first reference register and tofrlR units of the target data registers 

starting from the particular starting positio/ and comparing the first reference 
register contents to corresponding contends of NR contiguous units of the target 
data registers starting from the particular starting position, 

such that each comparator set indicates if there is a match of the first reference string in 
10 the target data starting from its corresponding different starting position, 

whereby the first plurality of comparatoraets indicates in parallel if the first reference 
string is contained in the target data registers stating at any of the starting positions. 

12. A searching apparatus according to claim 11, wherein the set of possible starting 
positions includes Nstart positions,ywherein the one or more target data registers are 

15 coupled in series to receive at leasjt NR+Nstart-1 units of the target data, and wherein the 
first plurality of comparator sets/ncludes Nstart comparator sets, one comparator set for 
each of the Nstart starting positions. 

13. A searching apparatus according to claim 12, wherein each of the target data registers 
holds Nstart units of data. / 

20 14. A searching apparatus/ according to claim 13, wherein Nstart units of the target data 
are clocked into the tareet data registers in one clock cycle, such that the first plurality of 
comparator sets indicates in one clock cycle if the first reference string is in the target area 
starting at any of theyNstart starting positions. 

15. A searching apparatus according to claim 14Vfurther comprising a mechanism to 
25 specify an offset Noffset, wherein during the first clock cycle of operation, the first 
Noffset startingtoositions are ignored such that the first plurality of comparator sets 
indicates in thof first clock cycle if the first reference string is in the target area starting at 
any of the Nafart- Noffset starting positions of the first data register that start after the first 
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Noffset starting positions, and wherein during subsequent clock cycles all Nstart starting 
positions are considered, / 

whereby in one or more clock cycles, the searching apparatus indicates if the first 
reference string is in the target data starting anywhere other than the first Noffset units. 

16. A searching apparatus according todlaim 11, wherein each comparator set includes 
NR consecutive comparators, each comparator having a reference unit input, a target unit 
input, and an output indicating a mat/h, each comparator coupled to the previous 
comparator's output such that the oiatput of a comparator is asserted when the reference 
and target data inputs match and tbfe previous comparator's output indicates a match. 

17. A searching apparatus according to claim 11, further comprising: 

(d) one or more furthe/ reference register for receiving NR units of one or more 
further reference strings; and 

(e) one or more furpier pluralities of comparator sets, one comparator set for each 
of a corresponding plurality of starting positions, each particular comparator set of 
each further plurality coupled to each unit of the corresponding further reference 
register and to MR units of the data registers starting from the particular 
comparator sers starting position and comparing the corresponding further 
reference register contents to NR units of the target data registers starting from the 
particular comparator set's starting position, 

such that the searching apparatus searches for any one of the first or further reference 
strings of NR units in contents of the target registers starting from any of the starting 
positions. / 

1 8. A searching apparatus according to claim 17, wherein each comparator set includes 
NR consecutive comparators, each comparator having a reference unit input, a target data 
unit inputt and an output indicating a match, each comparator coupled to the previous 
comparator's output such that the output of a comparator is asserted when the reference 
and tayget data inputs match and the previous comparator's output indicates a match. 
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19. A searching apparatus according to claim 1 1, wherein each comparator set includes 
NR consecutive comparators, each comparator Jiaving a reference unit input, a target data 
unit input, an enable input, and an output indi/ating a match, such that the match output of 
a comparator is asserted when the referenceyand target inputs match and the enable input is 
asserted, / 

wherein for a particular set of comparators for a particular starting position, the reference 
inputs of consecutive comparators are /oupled to consecutive units of the reference 
register, the target data inputs of consfecutive comparators are coupled to consecutive units 
of the target data registers starting at the particular starting location, the first comparator of 
the set is enabled, and the enable input of each comparator is coupled to the output of the 
previous comparator, such that tj/e output of the final comparator is asserted when the NR 
units of the reference string ana the NR units of the target data agree. 

20. A searching apparatus according to claim 1 1, wherein the unit is a byte. 

21. A searching apparatus according to claim 19, wherein the final, comparator outputs of 
the sets are coupled to a priority selector having an output indicating if and where a match 
of the reference string occurred in the target data. 

22. A searching apparatus according to claim 20, wherein NR is 16 bytes. 

23. A searching apparatus according to claim 12, wherein NR is 16 bytes and wherein 
each of the data registers has Nstart bytes, such that the searching apparatus indicates a 
match starting anywhere within the first data register. 

24. A searching apparatus configured to search for a reference string of NR units in a 
target data stream, the apparatus comprising: 

(a) a first NR-unit comparator having NR pairs of inputs and an output indicating a 
maton of each pair of the NR-pairs of inputs; and 

(b) /NR connections indicating values of the reference string and defining a first 
axis of a matrix, and NR connections indicating values of the target data defining a 
Second axis of the matrix perpendicular to the first axis, the target data connections 
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starting from a first starting location of the target data and ending at an ending 
location, / 

wherein the first comparator is oriented along the diagonal of the matrix such that NR 
connections of the target data are compared to the NR reference string connections. 

5 25. A searching apparatus according to/claim 24, further comprising: 

additional one or more contiguous connections parallel and contiguous to the 
target data connections in the matrix and starting from the ending location; and 

an additional NR-uniycomparator for and corresponding to each of the 
additional target data connections, each additional comparators parallel to the first 
10 comparator and shifteci towards the additional target connections in the matrix, 

such that each additional comparator compares the reference string to a different set of NR 
units continuous values oMhe target data starting from a different staring point. 

26. A searching apparatus according to claim 25, further comprising: 

one or more further sets of NR-unit comparators; and 

15 further sets connections corresponding for the further sets of NR-unit 

comparators?, the further connections defining one or more additional matrices, 
each further set of connections along the first axis indicating values of one or more 

■• corresponding further reference strings-along the first axis, and NR connections 

indicating values of the target data along the second axis, 

20 such that eacn additional comparator set compares the corresponding one of the reference 
strings to a different set of NR contiguous values of the target data starting from a 
different staring point. 
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